By default, EmpowerID is configured to use SMTP as the provider for email delivery. However, SMTP is not the only provider option. You can elect to use SendGrid (requires a SendGrid account with an API key), Exchange Web Services (on-premise or Office 365) or both SMTP and Exchange Web Services (EWS). If you choose to use more than one provider, you order the precedence by setting the priority for each. The provider with the lowest priority has the higher precedence. By default, SMTP has precedence. You can change this at any time.

You can configure EmpowerID to process emails differently, depending on your scenario. These scenarios include the following:

  • Simple SMTP relay – In this scenario, you specify the SMTP server that EmpowerID uses to send automated emails on behalf of the system and the default From address for all EmpowerID notifications. Examples of these types of emails include welcome emails sent to new employees, emails sent to users when their passwords are reset by the help desk, and pending password expiration notifications.

  • Authenticated SMTP Delivery – In this scenario, you specify an account that EmpowerID should use to connect to the SMTP server. This account must have a password that is vaulted in EmpowerID and becomes the default From address used for any automated emails sent on behalf of the system. When configuring for authenticated SMTP delivery, you have the option to specify whether to use SSL, TLS and the port used for TLS.

  • Exchange Web Services (EWS) – In this scenario, you specify the account that EmpowerID should use to connect to EWS, as well as the URL to the EWS server. As with configuring EmpowerID for authenticated SMTP delivery, you need to vault the password for the user account.

  • SendGrid – In this scenario, you specify that EmpowerID use SendGrid to send automated emails on behalf of the system. To use SendGrid, you need to have a SendGrid account with an API key and set up domain authentication in SendGrid to allow SendGrid to send emails originating from EmpowerID. Please see SendGrid's documentation for further information on configuring SendGrid before selecting SendGrid for sending emails in EmpowerID.

  • Email approvals – In this scenario, you configure EmpowerID to give resource owners and other delegated approvers the ability to respond to Access Requests from their email clients, apart from interacting directly with the request in the EmpowerID Web interface. This allows users to respond to requests when away from their desks. To do so, they simply reply to the email with "Approved" or "Rejected." EmpowerID reads the response and submits the decision.

Configure EmpowerID for Simple SMTP Relay

To configure EmpowerID for simple SMTP relay, do the following:

  1. On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings and select Email Settings.

  2. Select SMTP from the Email Delivery Mode drop-down.

  3. In the SMTP Mail Delivery Settings pane, enter the following information:

    • SMTP From Address — This specifies the default From address the system should use when sending automated emails to your users.

    • SMTP Server DNS — This specifies the DNS name or IP address of the SMTP server in your environment.

  4. Save your changes.

Configure EmpowerID for Authenticated SMTP Delivery

To configure EmpowerID for authenticated SMTP delivery, do the following:

  1. On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings and select Email Settings.

  2. Select SMTP from the Email Delivery Mode drop-down.

  3. In the SMTP Mail Delivery Settings pane, enter the following information:

    • Account with Vaulted Password for Authenticated SMTP — Select the user account to be used by EmpowerID to authenticate to the SMTP server and to send automated responses on behalf of the system. This account must have a password that is vaulted in EmpowerID. If the account does not have a password that is vaulted, please see How to Vault Account Passwords below and then return to complete the setup.

    • SMTP From Address — This specifies the default From address the system should use when sending automated emails to your users.

    • SMTP Server DNS — This specifies the DNS name or IP address of the SMTP server in your environment.

  4. Save your changes.

Note

  • When configuring EmpowerID for authenticated SMTP, the mailbox selected for reading and processing emails takes precedence over the setting entered in the SMTP From Address setting.

  • If you are using a mail delivery system other than Exchange that supports SMTP, then you need to create a tracking-only account store and add an account with the appropriate credentials, as well as a user principal name, for that system to that account store. You then vault the password for that user account.

For information on creating tracking-only account stores, see Creating Tracking-Only Account Stores.

  How to Vault Account Passwords

  1. From the navigation sidebar, expand Identity Administration and click User Accounts.
  2. Search for the user account and then click the Logon Name link for it.
  3. From the View One page for the account, expand the Actions accordion and then click the Edit Vaulted Account Password button.
  4. On the Service Account Credentials page that appears, do the following:
    • Click Encryption Certificate and select a certificate for encrypting the password.
    • Enter the password in the Password and Confirm Password fields.
    • Click Submit.
  5. Click OK to close the Operation Execution Summary.
  6. Return to the EmpowerID System Settings page and edit any of the other SMTP settings as needed.

    Configure EmpowerID for Office 365 / Exchange EWS

    1. On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings and select Email Settings.

    2. Select Exchange EWS from the Email Delivery Mode drop-down.

    3. On the Email Settings page, edit the following settings:

      • Office 365 / Exchange Mailbox for Send and Receive — This specifies the user account EmpowerID uses to authenticate to the EWS server as well as to send automated emails on behalf of the system. This account needs to have its password vaulted in EmpowerID.

      • Office 365 / Exchange Web Service URL — This specifies the URL to the EWS server. If you are using Office 365, the value of the URL should be https://outlook.office365.com/EWS/Exchange.asmx.

    4. Click Save.

    SendGrid

    Prerequisites

    In order to use SendGrid as the Email provider, you need to have a SendGrid account with an API key and set up domain authentication in SendGrid to allow SendGrid to send emails originating from EmpowerID. Please see SendGrid’s documentation for further information.

    After setting up SendGrid as outlined by their documentation, you can configure SendGrid as the Email provider in EmpowerID by doing the following:

    1. On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings and select Email Settings.

    2. Enter the following information in the Email Settings form:

      1. Email Delivery Mode – SendGrid

      2. SendGrid API Key – Your SendGrid API key

    3. Click Save.

    Configure Email Approvals

    Note

    For EmpowerID to process email approvals, the task or operation being approved or rejected must have EnableBulkApproval set to true. This is set in Workflow Studio.

    If you are using SMTP, follow the procedure outlined in the authenticated SMTP Delivery section, including vaulting a user account; otherwise, follow the procedure outlined in the EWS section. After completing those steps, do the following.

    1. On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings and select Email Settings.

    2. On the Email Settings page, select Enable Approve by Email Reply.

    3. Click Save.

    How To Vault Account Passwords

    1. On the navbar, expand Privileged Access and select Shared Credentials.

    2. Select the All Shared Credentials tab and then click the Add button.

      This opens the Password Vault Data dialog.

    3. Enter a name for the shared credential in the Name and Display Name fields.

    4. Click the Shared Credential Policy drop-down and select the appropriate one to link to the credentials. Here are the default options for non-computer credentials:

      • Non-Computer Creds - Multi-Check-Out - No Password Reset — Select this policy to create credentials for an account where more than one check out is allowed and you do not want EmpowerID to reset the password when a user checks in the credentials.

      • Non-Computer Creds - No Approval, No Multi Check-Out with Password Reset — Select this policy to create credentials for an account where more than one check out is not allowed, no approval is required, and you want EmpowerID to reset the password when a user checks in the credentials.

      • Non-Computer Creds - No Multi-Check-Out with Password Reset — Select this policy to create credentials for an account where more than one check out is not allowed and you want EmpowerID to reset the password when a user checks in the credentials. Please note that this policy type is only valid for use with user accounts with passwords that have been vaulted in EmpowerID. The user account must belong to a domain or account store that has been inventoried by EmpowerID.

      • Service Account with Scheduled Password Reset — Select this policy for credentials for a Windows Service account or IIS App pool identity.
        When you select this policy, EmpowerID resets the password against all Windows servers in your environment that have Windows Services or App Pools. Please note that this policy type is only valid for use with service accounts with passwords that have been vaulted in EmpowerID. The service account must belong to a domain or account store that has been inventoried by EmpowerID.

    5. Underneath Location, click Select a Location, then select a location for the credential and click Save.

    6. Enter a description in the Description field.

    7. In the User Name field, enter the user name for the account you are vaulting.

    8. In the Password field, enter the password for the account you are vaulting.

    9. Optionally, enter any notes in the Notes field.

    10. Select Enabled.

    11. Click Save.

    12. If you have not yet entered your master password for this session, EmpowerID prompts you to do so. Enter your master password and click OK.

    13. If you have not yet created a master password for yourself, EmpowerID prompts you to do so. Enter a password in the Password and Confirm Password fields and click OK.
